Remote desktop access tool GoToMyPC is forcing all of its users to change their passwords as a result of hackers targeting the service with a “very sophisticated password attack.”

GoToMyPC, which is owned by Citrix, started to roll out the system-wide password update on Sunday.

In a status update, Citrix said that it began taking immediate action though there is no indication of any compromise, as well as no indication that any other Citrix product was affected.

Attackers used existing usernames and passwords leaked from other sites to access the GoToMyPC accounts, highlighting the need for strong passwords and different passwords for online services. Citrix also recommended users enable two-step verification. Unauthorized access of GoToMyPC could enable hackers to access

“Our initial assessment indicates that no sensitive customer data (such as credit card information) was exposed. We are continuing an in-depth forensic investigation and will share the results of this investigation as soon as feasible,” Citrix said in a status update.